{"api_version":"1","generated_at":"2026-06-20T00:05:41+00:00","cve":"CVE-2018-10919","urls":{"html":"https://cve.report/CVE-2018-10919","api":"https://cve.report/api/cve/CVE-2018-10919.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-10919","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-10919"},"summary":{"title":"CVE-2018-10919","description":"The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. An authenticated attacker could use this flaw to extract confidential attribute values using LDAP search expressions. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2018-08-22 17:29:00","updated_at":"2019-10-09 23:33:00"},"problem_types":["CWE-200"],"metrics":[],"references":[{"url":"https://usn.ubuntu.com/3738-1/","name":"USN-3738-1","refsource":"UBUNTU","tags":["Third Party Advisory"],"title":"USN-3738-1: Samba vulnerabilities | Ubuntu security notices","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10919","name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10919","refsource":"CONFIRM","tags":["Issue Tracking","Third Party Advisory"],"title":"1610645 – (CVE-2018-10919) CVE-2018-10919 samba: Confidential attribute disclosure via substring search","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.netapp.com/advisory/ntap-20180814-0001/","name":"https://security.netapp.com/advisory/ntap-20180814-0001/","refsource":"CONFIRM","tags":["Third Party Advisory"],"title":"August 2018 Samba Vulnerabilities in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.debian.org/security/2018/dsa-4271","name":"DSA-4271","refsource":"DEBIAN","tags":["Third Party Advisory"],"title":"Debian -- Security Information -- DSA-4271-1 samba","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.samba.org/samba/security/CVE-2018-10919.html","name":"https://www.samba.org/samba/security/CVE-2018-10919.html","refsource":"CONFIRM","tags":["Patch","Vendor Advisory"],"title":"Samba - Security Announcement Archive","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/105081","name":"105081","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Samba CVE-2018-10919 Access Bypass Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://security.gentoo.org/glsa/202003-52","name":"GLSA-202003-52","refsource":"GENTOO","tags":[],"title":"Samba: Multiple vulnerabilities (GLSA 202003-52) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-10919","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-10919","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"10919","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"14.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"10919","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"16.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"10919","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"18.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"10919","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"14.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"10919","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"16.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"10919","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"18.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"10919","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"10919","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"10919","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"samba","cpe5":"samba","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"10919","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"samba","cpe5":"samba","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2018-10919","qid":"500636","title":"Alpine Linux Security Update for samba"},{"cve":"CVE-2018-10919","qid":"504400","title":"Alpine Linux Security Update for samba"},{"cve":"CVE-2018-10919","qid":"671121","title":"EulerOS Security Update for samba (EulerOS-SA-2019-2484)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"secalert@redhat.com","ID":"CVE-2018-10919","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"samba","version":{"version_data":[{"version_value":"4.6.16"},{"version_value":"4.7.9"},{"version_value":"4.8.4"}]}}]},"vendor_name":"The Samba Team"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. An authenticated attacker could use this flaw to extract confidential attribute values using LDAP search expressions. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable."}]},"impact":{"cvss":[[{"vectorString":"4.3/CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","version":"3.0"}]]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-203"}]}]},"references":{"reference_data":[{"name":"DSA-4271","refsource":"DEBIAN","url":"https://www.debian.org/security/2018/dsa-4271"},{"name":"USN-3738-1","refsource":"UBUNTU","url":"https://usn.ubuntu.com/3738-1/"},{"name":"https://www.samba.org/samba/security/CVE-2018-10919.html","refsource":"CONFIRM","url":"https://www.samba.org/samba/security/CVE-2018-10919.html"},{"name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10919","refsource":"CONFIRM","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10919"},{"name":"https://security.netapp.com/advisory/ntap-20180814-0001/","refsource":"CONFIRM","url":"https://security.netapp.com/advisory/ntap-20180814-0001/"},{"name":"105081","refsource":"BID","url":"http://www.securityfocus.com/bid/105081"},{"refsource":"GENTOO","name":"GLSA-202003-52","url":"https://security.gentoo.org/glsa/202003-52"}]}},"nvd":{"publishedDate":"2018-08-22 17:29:00","lastModifiedDate":"2019-10-09 23:33:00","problem_types":["CWE-200"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4},"severity":"MEDIUM","exploitabilityScore":8,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*","versionStartIncluding":"4.8.0","versionEndExcluding":"4.8.4","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*","versionStartIncluding":"4.7.0","versionEndExcluding":"4.7.9","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.6.16","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"10919","Ordinal":"127371","Title":"CVE-2018-10919","CVE":"CVE-2018-10919","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"10919","Ordinal":"1","NoteData":"The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. An authenticated attacker could use this flaw to extract confidential attribute values using LDAP search expressions. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"10919","Ordinal":"2","NoteData":"2018-08-22","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"10919","Ordinal":"3","NoteData":"2020-03-25","Type":"Other","Title":"Modified"}]}}}